CN116264688A - Key generation method, device, equipment and readable storage medium - Google Patents

Info

Publication number
CN116264688A
Authority
CN
China
Prior art keywords
key
request
session
group
generating
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111527694.0A
Other languages
Chinese (zh)
Inventor
黄晓婷
庄小君
田野
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
China Mobile Communications Ltd Research Institute
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Communications Ltd Research Institute
Application filed by China Mobile Communications Group Co Ltd, China Mobile Communications Ltd Research Institute
Priority to CN202111527694.0A
Priority to PCT/CN2022/139007 (WO2023109865A1)
Publication of CN116264688A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/0833 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041 Key generation or derivation
    • H04W12/60 Context-dependent security
    • H04W12/66 Trust-dependent, e.g. using trust scores or trust relationships

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The application discloses a key generation method, device, equipment and readable storage medium, relating to the technical field of communication and aiming at saving signaling resources. The method comprises the following steps: when an AS and a terminal need to establish a service connection, generating corresponding session keys K_AS for one or more ASs according to a group key K_AF and preset parameters. The embodiment of the application can save signaling resources.

Description

Key generation method, device, equipment and readable storage medium
Technical Field
The present disclosure relates to the field of communications technologies, and in particular, to a method, an apparatus, a device, and a readable storage medium for generating a key.
Background
The architecture and flow of application layer authentication and key management (Authentication and Key Management for Applications, AKMA) are defined in the standard. The AKMA technology can be used for authentication and authorization between a terminal and an edge computing server in an edge computing scene and security protection of a service channel between the terminal and the edge computing server.
In application scenarios such as edge computing, the same edge node hosts a plurality of service servers, and the service servers belong to the same trust domain or the same vertical industry application. In this case, an AKMA procedure is performed between the terminal and each service server, such that the core network (AAnF, the AKMA anchor function) performs the AKMA procedure and generates a final key (K_AF) for each service server respectively.
It can be seen that in the prior art, for each request of an AF (Application Function) to the AAnF, the AAnF needs to perform the AKMA procedure and generate a corresponding final key for the AF, thereby wasting core network resources and signaling procedures.
Disclosure of Invention
The embodiment of the application provides a key generation method, device and equipment and a readable storage medium, so as to save signaling resources.
In a first aspect, an embodiment of the present application provides a key generating method, applied to AF, including:
when an AS (Application Service, application server) and a terminal need to establish a service connection, generating corresponding session keys K_AS for one or more ASs according to a group key K_AF and preset parameters.
Wherein the one or more ASs belong to the same trust domain.
Wherein the method further comprises:
transmitting the corresponding session key K_AS to the one or more ASs.
Wherein, before generating corresponding session keys K_AS for one or more ASs according to the group key K_AF and preset parameters, the method further comprises:
obtaining the group key K_AF.
Wherein obtaining the group key K_AF comprises:
receiving a first request of the terminal, the first request comprising a key identification corresponding to an intermediate key K_AKMA;
obtaining the group key K_AF from the AAnF according to the key identification, or acquiring the group key K_AF from the AF itself.
Wherein obtaining the group key K_AF comprises:
receiving a second request of the AS, the second request including a key identification corresponding to an intermediate key K_AKMA;
acquiring the group key K_AF from an application layer authentication and session key management anchor function AAnF according to the key identification, or acquiring the group key K_AF from the AF itself.
Wherein acquiring the group key K_AF from the application layer authentication and session key management anchor function AAnF according to the key identification comprises:
sending a third request to the AAnF, wherein the third request comprises the key identification and an AF identification (AF_ID);
receiving the group key K_AF sent by the AAnF according to the third request.
Wherein the preset parameters comprise an AS identification AS_ID; generating corresponding session keys K_AS for one or more ASs according to the group key K_AF and preset parameters comprises:
generating corresponding session keys K_AS for the one or more ASs according to the group key K_AF and the AS_IDs of the one or more ASs.
Wherein the session key K_AS is generated according to the following formula:
K_AS = KDF(K_AF, AS_ID);
Wherein KDF represents a preset key derivation function, K_AF represents the group key, and AS_ID represents the identity of the AS.
Wherein the AS_ID is sent by the one or more ASs to the AF.
In a second aspect, an embodiment of the present application provides a key generating method, applied to an AS, including:
when a service connection needs to be established with a terminal, acquiring a session key K_AS from the AF; wherein the session key K_AS is generated by the AF according to the group key K_AF and preset parameters.
Wherein acquiring the session key K_AS from the AF comprises:
receiving a fourth request sent by the terminal, wherein the fourth request comprises a key identification corresponding to an intermediate key K_AKMA;
sending a fifth request to the AF according to the key identification, wherein the fifth request comprises the key identification and the AS_ID of the AS;
receiving the session key K_AS sent by the AF.
In a third aspect, an embodiment of the present application provides a key generating method, which is applied to a terminal, and includes:
when a service connection needs to be established with an AS, generating a session key K_AS according to a group key K_AF and preset parameters.
Wherein the method further comprises: triggering the AS to acquire the session key K_AS.
Wherein triggering the AS to acquire the session key K_AS comprises any one of the following:
transmitting a sixth request to the AAnF, the sixth request including a key identification corresponding to the intermediate key K_AKMA, where the sixth request is used to trigger the AAnF to generate a corresponding session key K_AS for the AS according to the group key K_AF and preset parameters;
sending a seventh request to the AS, the seventh request including a key identification corresponding to the intermediate key K_AKMA, where the seventh request is used to trigger the AS to acquire the corresponding session key K_AS from the AAnF.
Wherein the preset parameters comprise an AS identification AS_ID; the session key K_AS is generated according to the following formula:
K_AS = KDF(K_AF, AS_ID);
Wherein KDF represents a preset key derivation function, K_AF represents the group key, and AS_ID represents the identity of the AS.
In a fourth aspect, an embodiment of the present application provides a key generating device, applied to AF, including:
a first generation module, configured to, when an AS and a terminal need to establish a service connection, generate corresponding session keys K_AS for one or more ASs according to a group key K_AF and preset parameters.
Wherein the one or more ASs belong to the same trust domain.
Wherein the apparatus further comprises:
a first sending module, configured to send the corresponding session key K_AS to the one or more ASs.
Wherein the apparatus further comprises:
a first acquisition module for acquiring the group key K_AF.
Wherein the first acquisition module includes:
a first receiving sub-module for receiving a first request of the terminal, the first request including a key identification corresponding to an intermediate key K_AKMA;
a first obtaining sub-module for obtaining the group key K_AF from an application layer authentication and session key management anchor function AAnF according to the key identification, or acquiring the group key K_AF from the AF itself.
Wherein the first acquisition module includes:
a first receiving sub-module for receiving a second request of the AS, the second request including a key identification corresponding to an intermediate key K_AKMA;
a first obtaining sub-module for obtaining the group key K_AF from an application layer authentication and session key management anchor function AAnF according to the key identification, or acquiring the group key K_AF from the AF itself.
Wherein the first obtaining sub-module includes:
a first sending unit, configured to send a third request to the AAnF, where the third request includes the key identification and an AF identification AF_ID;
a first receiving unit, configured to receive the group key K_AF sent by the AAnF according to the third request.
Wherein the preset parameters comprise an AS identification AS_ID; the first generation module is configured to generate corresponding session keys K_AS for the one or more ASs according to the group key K_AF and the AS_IDs of the one or more ASs.
Wherein the first generation module is configured to generate the session key K_AS according to the following formula:
K_AS = KDF(K_AF, AS_ID);
Wherein KDF represents a preset key derivation function, K_AF represents the group key, and AS_ID represents the identity of the AS.
In a fifth aspect, an embodiment of the present application provides a key generating apparatus, applied to an AS, including:
a first acquisition module for acquiring a session key K_AS from the AF when a service connection needs to be established with the terminal; wherein the session key K_AS is generated by the AF according to the group key K_AF and preset parameters.
Wherein the first acquisition module includes:
a first receiving sub-module, configured to receive a fourth request sent by the terminal, where the fourth request includes a key identification corresponding to an intermediate key K_AKMA;
a first sending sub-module, configured to send a fifth request to the AF according to the key identification, where the fifth request includes the key identification and the AS_ID of the AS;
a first obtaining sub-module for receiving the session key K_AS sent by the AF.
In a sixth aspect, an embodiment of the present application provides a key generating device, which is applied to a terminal, including:
a first generation module for, when a service connection needs to be established with an AS, generating a session key K_AS according to a group key K_AF and preset parameters.
Wherein the apparatus further comprises:
a first triggering module, configured to trigger the AS to acquire the session key K_AS.
The first triggering module is used for executing any one of the following:
transmitting a sixth request to the AAnF, the sixth request including a key identification corresponding to the intermediate key K_AKMA, where the sixth request is used to trigger the AAnF to generate a corresponding session key K_AS for the AS according to the group key K_AF and preset parameters;
sending a seventh request to the AS, the seventh request including a key identification corresponding to the intermediate key K_AKMA, where the fifth request is used to trigger the AS to acquire the corresponding session key K_AS from the AAnF.
Wherein the preset parameters comprise an AS identification AS_ID; the first generation module is configured to generate the session key K_AS according to the following formula:
K_AS = KDF(K_AF, AS_ID);
Wherein KDF represents a preset key derivation function, K_AF represents the group key, and AS_ID represents the identity of the AS.
In a seventh aspect, an embodiment of the present application provides a key generating apparatus, applied to AF, including: a processor and a transceiver;
the processor is configured to, when an AS and a terminal need to establish a service connection, generate corresponding session keys K_AS for one or more ASs according to a group key K_AF and preset parameters.
Wherein the one or more ASs belong to the same trust domain.
Wherein the transceiver is configured to send the corresponding session key K_AS to the one or more ASs.
Wherein the processor is further configured to: obtain the group key K_AF.
Wherein the processor is further configured to:
receive a first request of the terminal, the first request comprising a key identification corresponding to an intermediate key K_AKMA;
acquire the group key K_AF from an application layer authentication and session key management anchor function AAnF according to the key identification, or acquire the group key K_AF from the AF itself.
Wherein the processor is further configured to:
receive a second request of the AS, the second request including a key identification corresponding to an intermediate key K_AKMA;
acquire the group key K_AF from an application layer authentication and session key management anchor function AAnF according to the key identification, or acquire the group key K_AF from the AF itself.
Wherein the processor is further configured to:
send a third request to the AAnF, wherein the third request comprises the key identification and an AF identification (AF_ID);
receive the group key K_AF sent by the AAnF according to the third request.
Wherein the preset parameters comprise an AS identification AS_ID; the processor is further configured to:
generate corresponding session keys K_AS for the one or more ASs according to the group key K_AF and the AS_IDs of the one or more ASs.
Wherein the processor is further configured to generate the session key K_AS according to the following formula:
K_AS = KDF(K_AF, AS_ID);
Wherein KDF represents a preset key derivation function, K_AF represents the group key, and AS_ID represents the identity of the AS.
In an eighth aspect, an embodiment of the present application provides a key generating apparatus, applied to an AS, including: a processor and a transceiver;
the processor is configured to acquire a session key K_AS from the AF when a service connection needs to be established with the terminal; wherein the session key K_AS is generated by the AF according to the group key K_AF and preset parameters.
Wherein the processor is further configured to:
receive a fourth request sent by the terminal, wherein the fourth request comprises a key identification corresponding to an intermediate key K_AKMA;
send a fifth request to the AF according to the key identification, wherein the fifth request comprises the key identification and the AS_ID of the AS;
receive the session key K_AS sent by the AF.
In a ninth aspect, an embodiment of the present application provides a key generating device, applied to a terminal, including: a processor and a transceiver;
the processor is configured to, when a service connection needs to be established with an AS, generate a session key K_AS according to a group key K_AF and preset parameters.
Wherein the processor is further configured to trigger the AS to acquire the session key K_AS.
Wherein the processor is further configured to perform any one of:
transmitting a sixth request to the AAnF, the sixth request including a key identification corresponding to the intermediate key K_AKMA, where the sixth request is used to trigger the AAnF to generate a corresponding session key K_AS for the AS according to the group key K_AF and preset parameters;
sending a fifth request to the AS, the fifth request including a key identification corresponding to the intermediate key K_AKMA, where the seventh request is used to trigger the AS to acquire the corresponding session key K_AS from the AAnF.
Wherein the preset parameters comprise an AS identification AS_ID; wherein the processor is further configured to generate the session key K_AS according to the following formula:
K_AS = KDF(K_AF, AS_ID);
Wherein KDF represents a preset key derivation function, K_AF represents the group key, and AS_ID represents the identity of the AS.
In a tenth aspect, embodiments of the present application further provide a communication device, including: a transceiver, a memory, a processor and a program stored on the memory and executable on the processor, which processor implements the steps in the key generation method as described above when executing the program.
In an eleventh aspect, embodiments of the present application further provide a readable storage medium having stored thereon a program which, when executed by a processor, implements the steps in the key generation method as described above.
In the embodiment of the application, the AF generates the session key K_AS for one or more ASs. Therefore, by using the scheme of the embodiment of the application, repeated requests by a plurality of ASs for the core network AKMA procedure are avoided, so that signaling resources are saved.
Drawings
Fig. 1 is a schematic diagram of the AKMA key hierarchy of an embodiment of the present application;
Fig. 2 is a first flowchart of the key generation method provided in an embodiment of the present application;
Fig. 3 is a second flowchart of the key generation method provided in an embodiment of the present application;
Fig. 4 is a third flowchart of the key generation method provided in an embodiment of the present application;
Fig. 5 is a fourth flowchart of the key generation method provided in an embodiment of the present application;
Fig. 6 is a fifth flowchart of the key generation method provided in an embodiment of the present application;
Fig. 7 is a first block diagram of the key generation apparatus provided in an embodiment of the present application;
Fig. 8 is a second block diagram of the key generation apparatus provided in an embodiment of the present application;
Fig. 9 is a third block diagram of the key generation apparatus provided in an embodiment of the present application;
Fig. 10 is a fourth block diagram of the key generation apparatus provided in an embodiment of the present application;
Fig. 11 is a fifth block diagram of the key generation apparatus provided in an embodiment of the present application;
Fig. 12 is a sixth block diagram of the key generation apparatus provided in an embodiment of the present application.
Detailed Description
In the embodiments of the application, the term "and/or" describes an association relationship between associated objects and means that three relationships may exist; for example, "A and/or B" may represent: A exists alone, A and B exist together, or B exists alone. The character "/" generally indicates an "or" relationship between the associated objects before and after it.
The term "plurality" in the embodiments of the present application means two or more, and other adjectives are similar thereto.
The techniques described herein are not limited to NR (New Radio) systems and long term evolution (Long Term Evolution, LTE)/LTE evolution (LTE-Advanced, LTE-A) systems and may also be used for various wireless communication systems such as code division multiple access (Code Division Multiple Access, CDMA), time division multiple access (Time Division Multiple Access, TDMA), frequency division multiple access (Frequency Division Multiple Access, FDMA), orthogonal frequency division multiple access (Orthogonal Frequency Division Multiple Access, OFDMA), single-carrier frequency division multiple access (Single-carrier Frequency-Division Multiple Access, SC-FDMA), and other systems. The terms "system" and "network" are often used interchangeably. A CDMA system may implement radio technologies such as CDMA2000, universal terrestrial radio access (Universal Terrestrial Radio Access, UTRA), and the like. UTRA includes wideband CDMA (Wideband Code Division Multiple Access, WCDMA) and other CDMA variants. TDMA systems may implement radio technologies such as the global system for mobile communications (Global System for Mobile Communication, GSM). OFDMA systems may implement radio technologies such as ultra mobile broadband (Ultra Mobile Broadband, UMB), evolved UTRA (E-UTRA), IEEE 802.21 (Wi-Fi), IEEE 802.16 (WiMAX), IEEE 802.20, Flash-OFDM, and the like. UTRA and E-UTRA are parts of the universal mobile telecommunications system (Universal Mobile Telecommunications System, UMTS). LTE and higher LTE (e.g., LTE-A) are new UMTS releases that use E-UTRA. UTRA, E-UTRA, UMTS, LTE, LTE-A and GSM are described in the literature from an organization named "third generation partnership project" (3rd Generation Partnership Project, 3GPP). CDMA2000 and UMB are described in the literature from an organization named "third generation partnership project 2" (3GPP2).
The techniques described herein may be used for the systems and radio technologies mentioned above as well as for other systems and radio technologies. However, the following description describes an NR system for purposes of example, and NR terminology is used in much of the description below, although the techniques may also be applied to applications other than NR system applications.
The following description provides examples and does not limit the scope, applicability, or configuration as set forth in the claims. Changes may be made in the function and arrangement of elements discussed without departing from the spirit and scope of the disclosure. Various examples may omit, substitute, or add various procedures or components as appropriate. For example, the described methods may be performed in an order different than described, and various steps may be added, omitted, or combined. Additionally, features described with reference to certain examples may be combined in other examples.
Fig. 1 shows a key hierarchy for subsequent key derivation using an intermediate key K_AUSF in a 5G key architecture, where ME denotes Mobile Equipment and HPLMN (Home Public Land Mobile Network) denotes a home PLMN (Public Land Mobile Network). An AF may correspond to multiple ASs that belong to the same trust domain or to the same vertical industry application.
In the embodiment of the application, K_AF is used as a root key or group key of a certain trust domain, and keys are derived from it for the ASs under that trust domain. The specific method is as follows:
K_AS = KDF(K_AF, AS_ID), where KDF is a key derivation function and AS_ID may be the FQDN (Fully Qualified Domain Name) of the AS.
The following describes in detail the implementation of the embodiments of the present application in conjunction with different embodiments.
Referring to Fig. 2, Fig. 2 is a flowchart of a key generation method provided in an embodiment of the present application, applied to an AF. As shown in Fig. 2, the method includes the following steps:
Step 201, when an AS and a terminal need to establish a service connection, generating corresponding session keys K_AS for one or more ASs according to the group key K_AF and preset parameters.
Wherein the one or more ASs belong to the same trust domain. Different ASs may have different session keys K_AS.
Wherein the group key K_AF may be stored in the AF itself or may be acquired from the AAnF. Optionally, before step 201, the AF obtains the group key K_AF.
Specifically, the AF may obtain the group key according to a request of the terminal, or may obtain the group key according to a request of the AS. Wherein the group key may also be referred to as a root key.
Specifically, the AF may receive a first request from the terminal, the first request including a key identification (A-KID) corresponding to the intermediate key K_AKMA, and obtain the group key K_AF from the AAnF based on the key identification, or acquire the group key K_AF from the AF itself.
Wherein the first request may be, for example, an Application Session Establishment Request. If the AF determines from the key identification that it has no active context associated with the A-KID, then the AF may obtain the group key K_AF from the AAnF. If the AF determines from the key identification that it has an active context associated with the A-KID, then the AF may obtain the group key K_AF from the AF itself.
Specifically, the AF may also receive a second request of the AS, which includes a key identification (A-KID) corresponding to the intermediate key K_AKMA, and obtain the group key K_AF from the AAnF based on the key identification, or acquire the group key K_AF from the AF itself.
Wherein the second request may be, for example, a key request. If the AF determines from the key identification that it has no active context associated with the A-KID, then the AF may obtain the group key K_AF from the AAnF. If the AF determines from the key identification that it has an active context associated with the A-KID, then the AF may obtain the group key K_AF from the AF itself.
In the process of the AF obtaining the group key K_AF from the AAnF, the AF may send a third request to the AAnF, wherein the third request comprises the key identification and the AF identification AF_ID, and receive the group key K_AF sent by the AAnF according to the third request. For example, the AF may send a Naanf_AKMA_ApplicationKey_Get request message to the AAnF and obtain the group key K_AF from the AAnF.
In this embodiment of the present application, the preset parameters include an AS identifier AS_ID. The AS_ID may be sent to the AF by the one or more ASs after receiving a service establishment request of the terminal, or may be determined by the AF according to pre-stored information after receiving a key request of the AS.
Specifically, the AF may generate the session key K_AS according to the following formula:
K_AS = KDF(K_AF, AS_ID);
Wherein KDF represents a preset key derivation function, K_AF represents the group key, and AS_ID represents the identity of the AS.
Wherein the AS_ID may be the FQDN of the AS.
Optionally, the AF may also send the corresponding session key K_AS to the one or more ASs, so that the AS completes the establishment of the service connection with the terminal. Specifically, the AF may send the session key K_AS to the AS directly after generating it, or may send the session key K_AS to the AS at the request of the AS.
In the embodiment of the application, the AF generates the session key K_AS for one or more ASs. Therefore, by using the scheme of the embodiment of the application, repeated requests by a plurality of ASs for the core network AKMA procedure are avoided, so that signaling resources are saved.
Referring to Fig. 3, Fig. 3 is a flowchart of a key generation method provided in an embodiment of the present application, applied to an AS. As shown in Fig. 3, the method includes the following steps:
Step 301, when a service connection needs to be established with a terminal, acquiring a session key K_AS from the AF; wherein the session key K_AS is generated by the AF according to the group key K_AF and preset parameters.
In practical application, when receiving the service establishment request of the terminal, the AS can obtain the session key K_AS from the AF.
Specifically, the AS may receive a fourth request sent by the terminal, where the fourth request includes a key identification corresponding to the intermediate key K_AKMA, and send a fifth request to the AF according to the key identification, wherein the fifth request comprises the key identification and the AS_ID of the AS.
The fourth request may be, for example, a service establishment request, and the fifth request may be, for example, a key acquisition request.
In the embodiment of the application, the AF generates the session key K_AS for one or more ASs. Therefore, by using the scheme of the embodiment of the application, repeated requests by a plurality of ASs for the core network AKMA procedure are avoided, so that signaling resources are saved.
Referring to fig. 4, fig. 4 is a flowchart of a key generation method provided in an embodiment of the present application, which is applied to a terminal. As shown in fig. 4, the method includes the following steps:
Step 401, when a service connection needs to be established with the AS, a session key K_AS is generated according to the group key K_AF and preset parameters.
The preset parameters include an AS identifier AS_ID. The terminal may generate the session key K_AS according to the following formula:
K_AS = KDF(K_AF, AS_ID);
where KDF represents a preset key derivation function, K_AF represents the group key, and AS_ID represents the identity of the AS.
In the above embodiment, the terminal may also trigger the AS to acquire the session key K_AS. The terminal may directly trigger the AF to generate a session key for the AS, or may trigger the AS to acquire the session key from the AF.
Specifically, the terminal may send a sixth request to the AAnF, where the sixth request includes a key identifier corresponding to the intermediate key K_AKMA, and the sixth request is used to trigger the AAnF to generate a corresponding session key K_AS for the AS according to the group key K_AF and preset parameters. The sixth request may be, for example, an Application Session Establishment Request.
Specifically, the terminal may send a seventh request to the AS, where the seventh request includes a key identifier corresponding to the intermediate key K_AKMA, and the seventh request is used to trigger the AS to acquire a corresponding session key K_AS from the AAnF. The seventh request may be, for example, a service establishment request.
In the embodiment of the application, the AF generates the session key K_AS for one or more ASs. Therefore, with the scheme of the embodiment of the application, repeated requests from multiple ASs to the core network AKMA flow are avoided, so that signaling resources are saved.
In the embodiments of the present application, K_AF is used as the root key or group key of a certain trust domain, and key derivation is performed for the relevant ASs under that trust domain. The specific method is as follows:
K_AS = KDF(K_AF, AS_ID), where KDF is a key derivation function and AS_ID may be the FQDN of the AS.
In the following embodiments, it is assumed that the terminal and the core network have completed establishment of the K_AKMA key.
Referring to fig. 5, fig. 5 is a flowchart of a key generation method provided in an embodiment of the present application, where the method may include:
Step 501, when a UE (User Equipment) initiates communication with an AKMA AF (AF), the Application Session Establishment Request message includes an A-KID. The UE may derive K_AF before or after sending the message.
Before interacting with the AKMA application server, the UE derives K_AKMA and the A-KID (key identification) from K_AUSF.
Step 502, if there is no active context associated with the A-KID in the AKMA AF, the AF sends a Naanf_AKMA_ApplicationKey_Get Request message to the AAnF, requesting the K_AF of the UE; the message carries the A-KID and an AF_ID. The AF_ID includes the FQDN of the AF and a Ua-protocol identifier, where the Ua-protocol identifier is used to identify the security protocol used between the AF and the UE. If there is an active context associated with the A-KID in the AKMA AF, the AKMA AF directly acquires K_AF from the active context.
Step 503, the AAnF acquires K_AF.
The AAnF can check, using the AF_ID, whether it can provide service to the AF according to the configured local policy, or according to authorization information or policy provided by the NRF (Network Repository Function). Meanwhile, the AAnF may determine whether the user is authorized to use AKMA by verifying whether the corresponding K_AKMA can be found through the A-KID.
When the AAnF can provide service to the AF and determines that the user is authorized to use AKMA, the following procedure is performed; otherwise, the AAnF refuses to execute the subsequent flow and sends an error response.
If the AAnF does not have K_AF, the AAnF derives K_AF from K_AKMA; otherwise, the existing K_AF can be used directly.
Step 504, the AAnF sends a Naanf_AKMA_ApplicationKey_Get Response message to the AKMA AF, and the Response message carries K_AF and its lifecycle. Alternatively, the AAnF sends a Naanf_AKMA_ApplicationKey_Get Response message to the AKMA AF, and the Response message indicates that the AKMA key request has failed.
Step 505, AKMA AF sends Application Session Establishment Response message to UE.
If the information in step 504 indicates that the AKMA key request failed, the AF shall reject the application session establishment request and carry the error cause in the Application Session Establishment Response. The UE may then initiate a new application session establishment request to the AF, carrying the latest A-KID.
Step 506/506'/506'', the UE sends a service establishment request to the edge computing service server (AS_1/AS_2/AS_N), carrying the A-KID.
Step 507/507'/507'', the edge computing service server (AS_1/AS_2/AS_N) sends a key acquisition request (Key request) to the AF, carrying the A-KID and the AS_ID.
Step 508/508'/508'', the AF deployed at the edge node generates the corresponding K_AS for each AS according to the key derivation method described above.
Step 509/509'/509'', the AF deployed at the edge node sends the corresponding K_AS to the AS through a key response (Key response).
Step 510/510'/510'', the AS replies to the UE with a service establishment response, completing the establishment of the secure channel.
Referring to fig. 6, fig. 6 is a flowchart of a key generation method provided in an embodiment of the present application, where the method may include:
Step 601, before interacting with the AKMA application server, the UE derives K_AKMA and the A-KID from K_AUSF. The UE communicates with the AS (AS_1, for example), and the service establishment request (Application Session Establishment Request) message includes the A-KID.
Step 602, if there is no K_AS associated with the A-KID in the AKMA AS, the AS sends a key request (Key request) to the AF, carrying the A-KID.
Step 603, if the AF does not have the key K_AF corresponding to the A-KID, the AF sends a Naanf_AKMA_ApplicationKey_Get Request message to the AAnF, carrying the A-KID and the AF_ID.
Step 604, the AAnF derives K_AF and returns it to the AF.
Step 605, the AAnF sends a Naanf_AKMA_ApplicationKey_Get Response message to the AKMA AF, and the Response message carries K_AF and its lifecycle.
Step 606, the AF derives K_AS_1 from K_AF.
Step 607, the AF returns K_AS_1 to AS_1.
Step 608, the AS replies to the UE with a service establishment response, completing the establishment of the secure channel.
Step 609 to step 613, when the UE communicates with other ASs under the trust domain, the other ASs send their key requests directly to the AF, and the AF performs the corresponding K_AS derivation from K_AF, to complete the establishment and protection of the secure channel between the UE and the other ASs.
As can be seen from the above description, with the scheme of the embodiment of the present application, the AF derives K_AS from K_AF for the ASs in the same trust domain. This saves signaling interaction with the core network and avoids repeated requests to the core network AKMA flow from service servers on the same edge computing node. Meanwhile, for delay-sensitive service scenarios, the scheme of the embodiment of the application reduces the interaction delay, so that the service delay requirement is more easily met.
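The derivation and key-request handling described above (figs. 5 and 6), as an added example that is not code from the patent. The patent only calls the KDF "preset", so the HMAC-SHA-256 construction with a 3GPP-style FC || P || L input, the FC value, the FQDN normalisation, the trust-domain allowlist and all function and class names are assumptions; the A-KID and key bytes are constructed sample values.

```python
import hashlib
import hmac

# Assumption: the patent only says "preset KDF". This sketch uses the generic
# 3GPP layout HMAC-SHA-256(key, FC || P0 || L0 ...); the FC value is made up.
FC_K_AS = 0xF0  # hypothetical, not an assigned 3GPP FC value


class KeyRequestRejected(Exception):
    """Raised by the AF when an AS outside the trust domain asks for a key."""


def normalise_as_id(as_id: str) -> str:
    """Canonical FQDN form (assumption) so UE and AF hash identical bytes."""
    fqdn = as_id.strip().rstrip(".").lower()
    if not fqdn:
        raise ValueError("empty AS_ID")
    return fqdn


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """HMAC-SHA-256 over S = FC || P0 || L0 || P1 || L1 ..., L = 2-byte length."""
    s = bytes([fc])
    for p in params:
        if len(p) > 0xFFFF:
            raise ValueError("KDF parameter too long")
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()


def derive_k_as(k_af: bytes, as_id: str) -> bytes:
    """K_AS = KDF(K_AF, AS_ID); binding AS_ID gives each AS its own key."""
    return kdf(k_af, FC_K_AS, normalise_as_id(as_id).encode("ascii"))


class EdgeAF:
    """AF that holds K_AF per A-KID and derives K_AS for ASs in its domain."""

    def __init__(self, trust_domain):
        self.trust_domain = {normalise_as_id(a) for a in trust_domain}
        self.contexts = {}      # A-KID -> K_AF (active contexts)
        self.aanf_requests = 0  # counts core-network round trips

    def get_k_af(self, a_kid, aanf_lookup):
        # Only the first request for an A-KID goes to the AAnF.
        if a_kid not in self.contexts:
            self.contexts[a_kid] = aanf_lookup(a_kid)
            self.aanf_requests += 1
        return self.contexts[a_kid]

    def handle_key_request(self, a_kid, as_id, aanf_lookup):
        # Check the requester before touching any key material.
        if normalise_as_id(as_id) not in self.trust_domain:
            raise KeyRequestRejected(as_id)
        return derive_k_as(self.get_k_af(a_kid, aanf_lookup), as_id)


def run_demo():
    # Constructed sample values, not real identifiers or keys.
    a_kid = "constructed-a-kid@example.invalid"
    k_af = bytes(range(32))
    aanf_lookup = {a_kid: k_af}.__getitem__  # stand-in for the AAnF exchange
    af = EdgeAF(["as1.edge.example.invalid", "as2.edge.example.invalid"])

    matches = {}
    for as_id in ("as1.edge.example.invalid", "AS2.edge.example.invalid."):
        k_from_af = af.handle_key_request(a_kid, as_id, aanf_lookup)
        k_at_ue = derive_k_as(k_af, as_id)  # terminal derives locally
        matches[normalise_as_id(as_id)] = hmac.compare_digest(k_from_af, k_at_ue)

    try:
        af.handle_key_request(a_kid, "as9.other.example.invalid", aanf_lookup)
        rejected = False
    except KeyRequestRejected:
        rejected = True
    return matches, af.aanf_requests, rejected


if __name__ == "__main__":
    print(run_demo())
```

Because every K_AS for an A-KID is derived from the same K_AF, the AS_ID binding separates the ASs from one another but does not limit the effect of a K_AF or AF compromise, which exposes all K_AS values in that trust domain.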
The embodiment of the application also provides a key generation device which is applied to AF. Referring to fig. 7, fig. 7 is a block diagram of a key generation apparatus provided in an embodiment of the present application. As shown in fig. 7, the key generation apparatus 700 includes:
a first generation module 701, configured to, when the AS and the terminal need to establish a service connection, generate corresponding session keys K_AS for one or more ASs according to the group key K_AF and preset parameters.
Wherein the one or more ASs belong to the same trust domain.
Optionally, the apparatus may further include: a first sending module, configured to send a corresponding session key K_AS to the one or more ASs.
Wherein the apparatus further comprises: a first acquisition module for acquiring the group key K_AF.
Wherein, the first acquisition module includes:
a first receiving sub-module for receiving a first request of the terminal, the first request including a key identification corresponding to the intermediate key K_AKMA;
a first obtaining sub-module for obtaining the group key K_AF from an application layer authentication and session key management anchor function AAnF according to the key identification, or obtaining the group key K_AF from the AF itself.
Wherein, the first acquisition module includes:
a first receiving sub-module for receiving a second request of the AS, the second request including a key identification corresponding to the intermediate key K_AKMA;
a first obtaining sub-module for obtaining the group key K_AF from an application layer authentication and session key management anchor function AAnF according to the key identification, or obtaining the group key K_AF from the AF itself.
Wherein the first obtaining sub-module includes:
a first sending unit, configured to send a third request to the AAnF, where the third request includes the key identification and an AF identifier AF_ID;
a first receiving unit, configured to receive the group key K_AF sent by the AAnF according to the third request.
Wherein, the preset parameters comprise an AS identification AS_ID; the first generation module is used for generating corresponding session keys K_AS for the one or more ASs according to the group key K_AF and the AS_IDs of the one or more ASs.
Wherein the first generation module is configured to generate the session key K_AS according to the following formula:
K_AS = KDF(K_AF, AS_ID);
where KDF represents a preset key derivation function, K_AF represents the group key, and AS_ID represents the identity of the AS.
The device provided in the embodiment of the present application may execute the above method embodiment, and its implementation principle and technical effects are similar, and this embodiment will not be described herein again.
The embodiment of the application also provides a key generation device which is applied to the AS. Referring to fig. 8, fig. 8 is a block diagram of a key generation apparatus provided in an embodiment of the present application. As shown in fig. 8, the key generation apparatus 800 includes:
a first obtaining module 801 for obtaining a session key K_AS from the AF when a service connection needs to be established with the terminal, where the session key K_AS is generated by the AF according to the group key K_AF and preset parameters.
Wherein, the first obtaining module includes:
a first receiving sub-module, configured to receive a fourth request sent by the terminal, where the fourth request includes a key identification corresponding to the intermediate key K_AKMA;
a first sending sub-module, configured to send a fifth request to the AF according to the key identification, where the fifth request includes the key identification and the AS_ID of the AS;
a first obtaining sub-module for receiving the session key K_AS sent by the AF.
The device provided in the embodiment of the present application may execute the above method embodiment, and its implementation principle and technical effects are similar, and this embodiment will not be described herein again.
The embodiment of the application also provides a key generation device which is applied to the terminal. Referring to fig. 9, fig. 9 is a block diagram of a key generation apparatus provided in an embodiment of the present application. As shown in fig. 9, the key generation apparatus 900 includes:
a first generating module 901 for, when a service connection needs to be established with the AS, generating a session key K_AS according to the group key K_AF and preset parameters.
Wherein the apparatus may further comprise:
a first triggering module, configured to trigger the AS to acquire the session key K_AS.
The first triggering module is used for executing any one of the following:
sending a sixth request to the AAnF, the sixth request including a key identification corresponding to the intermediate key K_AKMA, where the sixth request is used for triggering the AAnF to generate a corresponding session key K_AS for the AS according to the group key K_AF and preset parameters;
sending a seventh request to the AS, the seventh request including a key identification corresponding to the intermediate key K_AKMA, where the seventh request is used to trigger the AS to acquire a corresponding session key K_AS from the AAnF.
Wherein, the preset parameters comprise an AS identification AS_ID; the first generating module is used for generating the session key K_AS according to the following formula:
K_AS = KDF(K_AF, AS_ID);
where KDF represents a preset key derivation function, K_AF represents the group key, and AS_ID represents the identity of the AS.
The device provided in the embodiment of the present application may execute the above method embodiment, and its implementation principle and technical effects are similar, and this embodiment will not be described herein again.
It should be noted that, in the embodiment of the present application, the division of the units is schematic, which is merely a logic function division, and other division manners may be implemented in actual practice. In addition, each functional unit in each embodiment of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a processor-readable storage medium. Based on such understanding, the technical solution of the present application may be embodied in essence or a part contributing to the prior art or all or part of the technical solution, in the form of a software product stored in a storage medium, including several instructions to cause a computer device (which may be a personal computer, a server, or a network device, etc.) or a processor (processor) to perform all or part of the steps of the methods described in the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (Random Access Memory, RAM), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
An embodiment of the present application provides a key generation apparatus, applied to AF, as shown in fig. 10, including: a processor 1001 and a transceiver 1002;
the processor 1001 is configured to, when the AS and the terminal need to establish a service connection, generate corresponding session keys K_AS for one or more ASs according to the group key K_AF and preset parameters.
Wherein the one or more ASs belong to the same trust domain;
wherein the transceiver 1002 is configured to send a corresponding session key K_AS to the one or more ASs.
Wherein the processor 1001 is further configured to: obtain the group key K_AF.
Wherein the processor 1001 is further configured to:
receive a first request of the terminal, the first request comprising a key identification corresponding to the intermediate key K_AKMA;
acquire the group key K_AF from an application layer authentication and session key management anchor function AAnF according to the key identification, or acquire the group key K_AF from the AF itself.
Wherein the processor 1001 is further configured to:
receive a second request of the AS, the second request including a key identification corresponding to the intermediate key K_AKMA;
acquire the group key K_AF from an application layer authentication and session key management anchor function AAnF according to the key identification, or acquire the group key K_AF from the AF itself.
Wherein the processor 1001 is further configured to:
send a third request to the AAnF, wherein the third request comprises the key identification and an AF identification (AF_ID);
receive the group key K_AF sent by the AAnF according to the third request.
Wherein, the preset parameters comprise an AS identification AS_ID; the processor is further configured to:
generate corresponding session keys K_AS for the one or more ASs according to the group key K_AF and the AS_IDs of the one or more ASs.
Wherein the processor 1001 is further configured to generate the session key K_AS according to the following formula:
K_AS = KDF(K_AF, AS_ID);
where KDF represents a preset key derivation function, K_AF represents the group key, and AS_ID represents the identity of the AS.
The device provided in the embodiment of the present application may execute the above method embodiment, and its implementation principle and technical effects are similar, and this embodiment will not be described herein again.
An embodiment of the present application provides a key generating device, which is applied to an AS, as shown in fig. 11, and includes: a processor 1101 and a transceiver 1102;
the processor 1101 is configured to obtain a session key K_AS from the AF when a service connection needs to be established with the terminal, where the session key K_AS is generated by the AF according to the group key K_AF and preset parameters.
Wherein the processor 1101 is further configured to:
receive a fourth request sent by the terminal, wherein the fourth request comprises a key identification corresponding to the intermediate key K_AKMA;
send a fifth request to the AF according to the key identification, wherein the fifth request comprises the key identification and the AS_ID of the AS;
receive the session key K_AS sent by the AF.
The device provided in the embodiment of the present application may execute the above method embodiment, and its implementation principle and technical effects are similar, and this embodiment will not be described herein again.
An embodiment of the present application provides a key generating device, which is applied to a terminal, as shown in fig. 12, including: a processor 1201 and a transceiver 1202;
the processor 1201 is configured to, when a service connection needs to be established with the AS, generate a session key K_AS according to the group key K_AF and preset parameters.
Wherein the processor 1201 is further configured to trigger the AS to acquire the session key K_AS.
Wherein the processor 1201 is further configured to perform any one of the following:
sending a sixth request to the AAnF, the sixth request including a key identification corresponding to the intermediate key K_AKMA, where the sixth request is used for triggering the AAnF to generate a corresponding session key K_AS for the AS according to the group key K_AF and preset parameters;
sending a seventh request to the AS, the seventh request including a key identification corresponding to the intermediate key K_AKMA, where the seventh request is used to trigger the AS to acquire a corresponding session key K_AS from the AAnF.
Wherein, the preset parameters comprise an AS identification AS_ID; the processor is further configured to generate the session key K_AS according to the following formula:
K_AS = KDF(K_AF, AS_ID);
where KDF represents a preset key derivation function, K_AF represents the group key, and AS_ID represents the identity of the AS.
The device provided in the embodiment of the present application may execute the above method embodiment, and its implementation principle and technical effects are similar, and this embodiment will not be described herein again.
The embodiment of the application provides a communication device, which comprises: a memory, a processor, and a program stored on the memory and executable on the processor; the processor is configured to read a program in the memory to implement the steps in the key generation method as described above.
The embodiment of the present application further provides a readable storage medium, where a program is stored, where the program, when executed by a processor, implements each process of the foregoing embodiment of the key generation method, and the same technical effects can be achieved, so that repetition is avoided, and details are not repeated here. The readable storage medium may be any available medium or data storage device that can be accessed by a processor, including, but not limited to, magnetic memories (e.g., floppy disks, hard disks, magnetic tapes, magneto-optical disks (MO), etc.), optical memories (e.g., CD, DVD, BD, HVD, etc.), semiconductor memories (e.g., ROM, EPROM, EEPROM, nonvolatile memories (NAND FLASH), solid State Disks (SSD)), etc.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
From the above description of the embodiments, it will be clear to those skilled in the art that the above-described embodiment method may be implemented by means of software plus a necessary general hardware platform, but of course may also be implemented by means of hardware, but in many cases the former is a preferred embodiment. In light of such understanding, the technical solutions of the present application may be embodied essentially or in part in the form of a software product stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) and including instructions for causing a terminal (which may be a cell phone, computer, server, air conditioner, or network device, etc.) to perform the methods described in the embodiments of the present application.
The embodiments of the present application have been described above with reference to the accompanying drawings, but the present application is not limited to the above-described embodiments, which are merely illustrative and not restrictive, and many forms may be made by those of ordinary skill in the art without departing from the spirit of the present application and the scope of the claims, which are also within the protection of the present application.

Claims (24)

1. A key generation method applied to an application function AF, comprising:
when the application server AS and the terminal need to establish a service connection,
generating corresponding session keys K_AS for one or more ASs according to a group key K_AF and preset parameters.
2. The method of claim 1, wherein the one or more ASs belong to the same trust domain.
3. The method according to claim 1, wherein the method further comprises:
transmitting a corresponding session key K_AS to the one or more ASs.
4. The method according to claim 1, wherein the preset parameters include an AS identification AS_ID; and said generating corresponding session keys K_AS for one or more ASs according to the group key K_AF and preset parameters comprises:
generating corresponding session keys K_AS for the one or more ASs according to the group key K_AF and the AS_IDs of the one or more ASs.
5. The method of claim 4, wherein the session key K_AS is generated according to the following formula:
K_AS = KDF(K_AF, AS_ID);
where KDF represents a preset key derivation function, K_AF represents the group key, and AS_ID represents the identity of the AS.
6. The method of claim 4, wherein the AS_ID is sent by the one or more ASs to the AF.
7. The method according to claim 1, wherein before said generating corresponding session keys K_AS for one or more ASs according to the group key K_AF and preset parameters, the method further comprises:
obtaining the group key K_AF.
8. The method according to claim 7, wherein the obtaining the group key K_AF comprises:
receiving a first request of the terminal, the first request comprising a key identification corresponding to an intermediate key K_AKMA;
acquiring the group key K_AF from an application layer authentication and session key management anchor function AAnF according to the key identification, or acquiring the group key K_AF from the AF itself.
9. The method according to claim 7, wherein the obtaining the group key K_AF comprises:
receiving a second request of the AS, the second request including a key identification corresponding to an intermediate key K_AKMA;
acquiring the group key K_AF from an application layer authentication and session key management anchor function AAnF according to the key identification, or acquiring the group key K_AF from the AF itself.
10. The method according to claim 8 or 9, wherein the acquiring the group key K_AF from an application layer authentication and session key management anchor function AAnF according to the key identification comprises:
sending a third request to the AAnF, wherein the third request comprises the key identification and an AF identification (AF_ID);
receiving the group key K_AF sent by the AAnF according to the third request.
11. A key generation method, applied to an AS, comprising:
when a service connection needs to be established with a terminal, acquiring a session key K_AS from the AF, wherein the session key K_AS is generated by the AF according to the group key K_AF and preset parameters.
12. The method of claim 11, wherein the acquiring the session key K_AS from the AF comprises:
receiving a fourth request sent by the terminal, wherein the fourth request comprises a key identification corresponding to an intermediate key K_AKMA;
sending a fifth request to the AF according to the key identification, wherein the fifth request comprises the key identification and the AS_ID of the AS;
receiving the session key K_AS sent by the AF.
13. A key generation method, applied to a terminal, characterized by comprising:
when a service connection needs to be established with an AS, generating a session key K_AS according to a group key K_AF and preset parameters.
14. The method of claim 13, wherein the preset parameters comprise an AS identification AS_ID; and the session key K_AS is generated according to the following formula:
K_AS = KDF(K_AF, AS_ID);
where KDF represents a preset key derivation function, K_AF represents the group key, and AS_ID represents the identity of the AS.
15. The method of claim 13, wherein the method further comprises:
triggering the AS to acquire the session key K_AS.
16. The method according to claim 15, wherein the triggering the AS to acquire the session key K_AS comprises any one of the following:
sending a sixth request to the AAnF, the sixth request including a key identification corresponding to the intermediate key K_AKMA, where the sixth request is used for triggering the AAnF to generate a corresponding session key K_AS for the AS according to the group key K_AF and preset parameters;
sending a seventh request to the AS, the seventh request including a key identification corresponding to the intermediate key K_AKMA, where the seventh request is used to trigger the AS to acquire a corresponding session key K_AS from the AAnF.
17. A key generation apparatus, which is applied to AF, characterized by comprising:
a first generation module, configured to, when the AS and the terminal need to establish a service connection, generate corresponding session keys K_AS for one or more ASs according to the group key K_AF and preset parameters.
18. A key generation apparatus, applied to an AS, comprising:
a first acquisition module for acquiring a session key K_AS from the AF when a service connection needs to be established with the terminal, wherein the session key K_AS is generated by the AF according to the group key K_AF and preset parameters.
19. A key generation apparatus, applied to a terminal, comprising:
a first generation module for, when a service connection needs to be established with the AS, generating a session key K_AS according to the group key K_AF and preset parameters.
20. A key generation apparatus, which is applied to AF, characterized by comprising: a processor and a transceiver;
the processor is used for, when the AS and the terminal need to establish a service connection, generating corresponding session keys K_AS for one or more ASs according to the group key K_AF and preset parameters.
21. A key generation apparatus, applied to an AS, comprising: a processor and a transceiver;
the processor is used for acquiring a session key K_AS from the AF when a service connection needs to be established with the terminal, wherein the session key K_AS is generated by the AF according to the group key K_AF and preset parameters.
22. A key generation apparatus, applied to a terminal, comprising: a processor and a transceiver;
the processor is used for, when a service connection needs to be established with the AS, generating a session key K_AS according to the group key K_AF and preset parameters.
23. A communication device, comprising: a memory, a processor, and a program stored on the memory and executable on the processor; characterized in that the processor is arranged to read the program in the memory to implement the steps in the key generation method according to any of claims 1 to 16.
24. A readable storage medium storing a program, wherein the program when executed by a processor implements the steps in the key generation method of any one of claims 1 to 16.
CN202111527694.0A 2021-12-14 2021-12-14 Key generation method, device, equipment and readable storage medium Pending CN116264688A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202111527694.0A CN116264688A (en) 2021-12-14 2021-12-14 Key generation method, device, equipment and readable storage medium
PCT/CN2022/139007 WO2023109865A1 (en) 2021-12-14 2022-12-14 Key generation method and apparatus, device, and readable storage medium

Publications (1)

Publication Number Publication Date
CN116264688A true CN116264688A (en) 2023-06-16

Family

ID=86722267

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111527694.0A Pending CN116264688A (en) 2021-12-14 2021-12-14 Key generation method, device, equipment and readable storage medium

Country Status (2)

Country Link
CN (1) CN116264688A (en)
WO (1) WO2023109865A1 (en)

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100581104C (en) * 2005-01-07 2010-01-13 华为技术有限公司 Method for arranging key in IP multimedia service subsystem network
US11863665B2 (en) * 2019-08-16 2024-01-02 Lenovo (Singapore) Pte. Ltd. Security capabilities in an encryption key request
EP4091352A4 (en) * 2020-01-19 2023-10-04 ZTE Corporation Methods and devices for establishing secure communication for applications
CN113518348B (en) * 2020-06-30 2023-05-09 中国移动通信有限公司研究院 Service processing method, device, system and storage medium

Also Published As

Publication number Publication date
WO2023109865A1 (en) 2023-06-22

Similar Documents

Publication Publication Date Title
KR102315881B1 (en) Mutual authentication between user equipment and an evolved packet core
US11722891B2 (en) User authentication in first network using subscriber identity module for second legacy network
US20190182654A1 (en) Preventing covert channel between user equipment and home network in communication system
US11870765B2 (en) Operation related to user equipment using secret identifier
US20080108321A1 (en) Over-the-air (OTA) device provisioning in broadband wireless networks
CN111147421B (en) Authentication method based on general guide architecture GBA and related equipment
CN111630882B (en) User equipment, authentication server, medium, and method and system for determining key
JP6962432B2 (en) Communication method, control plane device, method for control plane device or communication terminal, and communication terminal
CN113541925B (en) Communication system, method and device
CN109891921B (en) Method, apparatus and computer-readable storage medium for authentication of next generation system
CN114258693B (en) Mobile device authentication without Electronic Subscriber Identity Module (ESIM) credentials
US20230024999A1 (en) Communication system, method, and apparatus
US20220060896A1 (en) Authentication Method, Apparatus, And System
US20230232228A1 (en) Method and apparatus for establishing secure communication
US20220330019A1 (en) Parameters for application communication establishment
US11943624B2 (en) Electronic subscriber identity module transfer eligibility checking
US11082821B2 (en) Method for provisioning an applet with credentials of a terminal application provided by an application server and corresponding OTA platform
TW202308363A (en) Authentication between user equipment and communication network for onboarding process
CN116264688A (en) Key generation method, device, equipment and readable storage medium
US20240154803A1 (en) Rekeying in authentication and key management for applications in communication network
US20230345246A1 (en) Authentication proxy for akma authentication service
WO2023216274A1 (en) Key management method and apparatus, device, and storage medium
WO2023082161A1 (en) Secure information pushing by service applications in communication networks
CN114158028A (en) Data network authentication mode adapting method, device and readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination